<?php
include('../../admin/php/bootstrap.php');

function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

$config['secret_key'] = "9f71458d92cd3e9f4ee9740f8da46f9a";
$data = parse_signed_request($_REQUEST['signed_request'], $config['secret_key']);
$fbUserId = $data['user_id'];

if ($email = Doctrine::getTable('email')->findOneByFacebook($fbUserId)) {
    $email->facebook = null;
    $email->save();
}
?>